#!/bin/bash

# openssl req -new -sha256 \
#     -key server.key \
#     -subj "/C=CN/ST=HL/O=Acme, Inc./CN=dns.xxt.asia" \
#     -reqexts SAN \
#     -config <(cat /etc/ssl/openssl.cnf \
#         <(printf "\n[SAN]\nsubjectAltName=DNS:xxt.asia,DNS:dns.xxt.asia")) \
#     -out server.csr

# openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial \
#   -extensions SAN \
#   -extfile <(cat /etc/ssl/openssl.cnf \
#     <(printf "\n[SAN]\nsubjectAltName=IP:192.168.1.1")) \
#   -in server.csr -out server.crt

# =========================================================================
DOMAIN_NAME=dns.xxt.asia
ZONE_NAME=xxt.asia

openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=HL/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=HL/L=HB/O=Acme, Inc./CN=*.$ZONE_NAME" -out server.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:$ZONE_NAME,DNS:$DOMAIN_NAME") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

# chown bind:bind -R .
# docker cp resolver:/etc/bind/certs /opt/dns-cyber-range/
docker cp certs/ resolver:/etc/bind/
docker exec resolver chown bind:bind -R /etc/bind/certs